Security Incidents mailing list archives
Re: find_ddos results
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Tue, 21 Nov 2000 10:18:38 -0800
On Sat, 18 Nov 2000, J C Lawrence wrote:
etc). Tracking such attempts down was obscenely difficult as you instantly ran into a maze of compromised boxes, none of which kept even reasonable system logs (as if you could trust them). Heck, attacks bounced thru open SOCKS proxies are already difficult enough to track down.
I'm not so concerned about actually tracking down the attackers in every case. Many times, it's appropriate to just redo your box and move on, especially if you got hit with just the Same Old Thing. (After you're satisfied that it's all known stuff of course.)

The majority of my surprise had to do with the fact that the campus security guy didn't want to play a role in getting a DDoS agent off his net. I've been told that UNM has a reputation for lax security, and no follow-up. This thread would seem to confirm that. Such a reputation can only be self-fulfilling I think, unless a lot of effort is put into making it otherwise.

Were it I in that situation (not enough manpower) then I think I'd teach an infosec course, and draft the students.

Ryan